Detailed Action

Claims 1-12, 15-36, 38-41 are pending. Claims 13, 14, 37 have been cancelled. This 
is a response to the Amendment/Remarks/RCE filed on 4/14/10.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of 
matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the 
conditions and requirements of this title. 

Claim 38 is rejected under 35 U.S.C. 101 because the claims fail to place the
invention squarely within one statutory class of invention. 

The applicant's specification, para. 158, recites, "In other embodiments, any
suitable computer readable storage device, media or combination of devices and/or
media, including primary storage such as RAM, ROM, cache memory, etc. or
secondary storage such as magnetic media including fixed and removable disks and
tapes;". However, the specification merely provides examples of what could be a
computer readable media; the specification does not limit the "computer readable
media", given the broadest interpretation, to non-transitory media. Therefore, since the
specification has not provided a clear definition of "computer readable media",
computer readable media can be drawn to cover forms of non-transitory media and
transitory propagating signal, based upon broadest reasonable interpretation. To
overcome this rejection, it is recommended that the applicant amend the claims to add
the limitation "non-transitory".

Claim Rejections - 35 USC § 103

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as 
set forth in section 102 of this title, if the differences between the subject matter sought to be 
patented and the prior art are such that the subject matter as a whole would have been obvious 
at the time the invention was made to a person having ordinary skill in the art to which said 
subject matter pertains. Patentability shall not be negatived by the manner in which the invention 
was made. 

Claims 1-12, 15-35, 38 are rejected under 35 U.S.C. 103(a) as being unpatentable
over US Patent 6,766,165 issued to Sharma et al. (Sharma) in view of US Patent
6,920,494 issued to Heitman et al. (Heitman) in further view of US Patent 6,693,888
issued to Cafarelli et al. (Cafarelli) in further view of US Publication 2003/0061506
issued to Cooper et al. (Cooper) in further view of US Patent 5,636,344 issued to Lewis.

As per claim 1, Sharma teaches a method for mapping the topology of a
wireless network(Fig. 1), the method comprising the steps of:

(b) identifying a relationship (1) between at least one of the wireless access
points and at least one of the wireless network nodes(Fig.1-5, col.4, lines 45-55) or (2)
between any two wireless network nodes based on the received scan data, a
characteristic of at least one of the wireless access points, a characteristic of at least
one of the wireless network nodes or combinations thereof(Fig.1-5, col.4, lines 45-55);
and (c) storing the identified relationship, access point characteristic, node
characteristic or combinations thereof in a system data store as topology data(col.15,
lines 58- col. 6, line 39); wherein the wireless network comprises a wireless local area
network(col.5, lines 55-56).

Sharma however does not explicitly teach receiving scan data 
comprising information collected from IEEE 802.11 management and control 
frames transmitted on the wireless network; wherein the received scan data is 
received from a wireless sensor configured to monitor the wireless network and 
collect information from frames transmitted on the wireless network, wherein the 
scan data is associated with monitoring of one or more network or nodes or 
combination thereof and wherein the relationship is identified responsive to an 
analysis of the scan data and responsive to a relationship between the wireless 
sensor and a server; formatting the stored topology data based upon a desired 
output format; repeating steps (a) through (d) a plurality of times, wherein the 
system data store stores topology data for each repetition, and wherein 
potential security and policy violations are detected responsive to historical 
topology data. 

Heitman teaches receiving scan data associated with monitoring of one 
or more network or nodes or combination thereof(Abstract); formatting the 
stored topology data based upon a desired output format(Figs. 28-34, col. 3, 
lines 33-45). 

Therefore it would have been obvious to one of ordinary skill in the art at
the time of the invention to modify the teachings of Sharma to include receiving
scan data associated with monitoring of one or more network or nodes or
combination thereof as taught by Heitman in order to resolve network
topology(Heitman, col. 2, lines 60-67); the step of repeating steps (a) through (d)
a plurality of times, wherein the system data store stores topology data for each
repetition, (Heitman, Figs. 28-34).

One of ordinary skill in the art at the time of the invention would have been
motivated to combine the teachings of Sharma and Heitman in order to provide
a system to manage policies for networks(Heitman, col. 2, lines 3-30).

Sharma in view of Heitman does not explicitly teach scan data 
comprising information collected from frames transmitted on the wireless 
network, wherein the received scan data is received from a wireless sensor 
configured to monitor the wireless network and collect information from frames 
transmitted on the wireless network and wherein the relationship is identified 
responsive to an analysis of the scan data and responsive to a relationship 
between the wireless sensor and a server. 

However, Sharma, col. 25, lines 65-45, makes suggestions to different 
types of network and network technologies that can be used. 

Cafarelli teaches receiving scan data comprising information collected 
from IEEE 802.11 management and control frames transmitted on the wireless
network, wherein the received scan data is received from a wireless sensor 
configured to monitor the wireless network and collect information from frames 
transmitted on the wireless network and wherein the relationship is identified 
responsive to an analysis of the scan data and responsive to a relationship 
between the wireless sensor and a server(Title, Fig. 13, col. 5, lines 45-49). 

Therefore it would have been obvious to one of ordinary skill in the art at the time of
the invention to modify the teachings of Sharma in view of Heitman to include
receiving scan data comprising information collected from IEEE 802.11 management
and control frames transmitted on the wireless network, wherein the received scan data 
is received from a wireless sensor configured to monitor the wireless network and 
collect information from frames transmitted on the wireless network and wherein the 
relationship is identified responsive to an analysis of the scan data and responsive to a 
relationship between the wireless sensor and a server as taught by Cafarelli in order to 
efficiently monitor LAN(Cafarelli, col. 3, lines 9-15). 

One of ordinary skill in the art would have been motivated to combine the teachings
of Sharma, Heitman, and Cafarelli in order to efficiently monitor LAN(Cafarelli, col. 3, 
lines 9-15). 

Sharma, in view of Heitman in view of Cafarelli does not explicitly teach wherein 
potential security and policy violations are detected responsive to historical topology 
data. 

Cooper teaches a network security policy monitoring system where traffic is 
monitored to see whether certain events are allowed by specified policies(Abstract, 
Figs.1-32,para.0045-0046). 

Therefore it would have been obvious to one of ordinary skill in the art at the time of
the invention to modify the teachings of Sharma in view of Heitman in further view of 
Cafarelli to include detecting whether there are potential security and policy violations 
as taught by Cooper in order to improve security of a network(Cooper, para. 0003). 

One of ordinary skill in the art would have been motivated to combine the teachings
of Sharma, Heitman, Cafarelli, and Cooper in order to improve security of a 
network(Cooper, para. 0003). 

Sharma in view of Heitman in further view of Cafarelli in further view of Cooper 
does not explicitly teach historical topology data. 

Lewis explicitly teaches historical topology data(col.9, lines 3-23). 

Therefore it would have been obvious to one of ordinary skill in the art at the time of
the invention to modify the teachings of Sharma in view of Heitman in further view of
Cafarelli in further view of Cooper to include historical topology data as taught by Lewis
in order to analyze faults(Lewis, col.1, lines 5-7).

One of ordinary skill in the art would have been motivated to combine the teachings
of Sharma, Heitman, Cafarelli, Cooper, and Lewis, in order to analyze faults(Lewis,
col.1, lines 5-7).

As per claim 2, the method of claim 1, and further comprising the step of
initiating one or more scans of wireless transmissions to generate the scan
data(Heitman, col. 31, lines 40-54). Motivation to combine set forth in claim 1.

As per claim 3, the method of claim 2, wherein the step of initiating one or more 
scans comprises initiating a plurality of scans(Heitman, col. 39, lines 1-39). Motivation 
to combine set forth in claim 1.

As per claim 4, the method of claim 3, wherein each of the plurality of scans is 
initiated upon a different wireless sensor(Heitman, col. 39, lines 1-39). Motivation to 
combine set forth in claim 1.

As per claim 5, the method of claim 4, wherein each of the plurality of scans
occurs simultaneously(Heitman, col.39, lines 1-39). Motivation to combine set forth in 
claim 1. 

As per claim 6, the method of claim 4, and further comprising the step of 
repeating the step of initiating the plurality of scans(Heitman, col.39, lines 1-39).
Motivation to combine set forth in claim 1.

As per claims 7, 9, wherein the repetition step occurs over a particular time
period(Heitman, col.39, lines 1-39). Motivation to combine set forth in claim 1.

As per claims 8, 10, and further comprising the step of determining the particular
time period based upon configuration data, network security threat level, current
network activity, historical network activity or combinations thereof(Heitman, col. 38,
lines 64-col.39, lines 55). Motivation to combine set forth in claim 1.

As per claim 11, the method of claim 2, and further comprising the step of
receiving a mapping request from a user or a computer and wherein the scan initiation 
step is responsive to the received mapping request(Sharma, col. 12, lines 40-59). 

As per claim 12, the method of claim 2, wherein the one or more initiated
scans are initiated continuously or at periodic intervals(Heitman, col. 38, lines 64-
col.39, lines 55). Motivation to combine set forth in claim 1.

As per claim 15, the method of claim 13, and further comprising the step of (e)
storing the formatted topology data in a data store accessible by a server 
system(Sharma, col. 7, lines 15-31). 

As per claim 16, the method of claim 15, wherein the server system is an 
HTTP server, a WAIS server, a gopher server, or an FTP server(Sharma, col. 7,
lines 15-31). 

As per claim 17, the method of claim 13, wherein the desired output format is 
TIFF, GIF, JPEG, HTML, SMS, MIME, S/MIME, ZIP, SML, SGML, WAP, BMP or 
combinations thereof(Heitman, Figs. 28-34). 

As per claim 18, the method of claim 13, and further comprising the step of
receiving a mapping request and wherein the formatting step is responsive to the 
received mapping request(Sharma, Figs. 1-5, col. 12, lines 40-59). 

As per claim 19, the method of claim 18, wherein the mapping request is 
received from a user or a computer system(Sharma, Figs. 1-5, col. 12, lines 40-59). 

As per claim 20, the method of claim 13, and further comprising detecting a 
mapping trigger event based upon the received scan data and wherein the formatting 
step is responsive to the detected trigger event (Sharma, Figs. 1-5, col. 12, lines 40-59, 
Heitman, col. 2, lines 3-30). Motivation to combine set forth in claim 1.

As per claim 21, the method of claim 20, wherein the trigger event is a usage
volume anomaly, a connectivity pattern anomaly, a policy violation, a security violation
or combinations thereof(Sharma, Figs. 1-5, col. 12, lines 40-59, Heitman, col.2, lines 3-
30). Motivation to combine set forth in claim 1.

As per claim 22, the method of claim 1, and further comprising the step of
(d) transmitting the stored topology data to a desired output device(Heitman,
Figs. 28-34). Motivation to combine set forth in claim 1.

As per claim 23, the method of claim 22, and further comprising the step of 
repeating steps (a) through (d) a plurality of times(Sharma, col.4, lines 15-67,
Heitman, Abstract). Motivation to combine set forth in claim 1.

As per claim 24, the method of claim 22, and further comprising the steps of 
(e) determining a desired output format and (f) formatting the stored topology data 
based upon the desired output format prior to transmission(Sharma, col.4, lines 15- 
67, Heitman, Abstract). Motivation to combine set forth in claim 1.

As per claim 25, the method of claim 24, wherein the step of determining the 
desired output format comprises the step of determining the desired output format 
based upon configuration data, the desired output device, a mapping request or 
combinations thereof(Sharma, col.4, lines 15-67, Heitman, Figs. 28-34, Abstract).
Motivation to combine set forth in claim 1.

As per claim 26, the method of claim 22, and further comprising the step of (e) 
determining the desired output device(Heitman, Figs. 28-34, Abstract). Motivation to 
combine set forth in claim 1.

As per claim 27, the method of claim 26, wherein step (e) comprises the step 
of determining the desired output device based upon configuration data, a mapping 
request or combinations thereof(Sharma, col.4, lines 15-67). 

As per claim 28, the method of claim 22, wherein the desired output device is a 
monitor, a printer, a further processing system, a pager, a telephone, a personal data 
assistant (PDA), an email account or a combination thereof (Heitman, Figs. 28-34, 
Abstract). Motivation to combine set forth in claim 1.

As per claim 29, the method of claim 22, wherein the desired output device is
capable of rendering graphical output and further comprising the step of (e) formatting 
the topology data in a manner to graphically represent characteristics or relationships 
prior to transmission; graphically represented characteristics or relationships comprise 
whether a wireless access point of the one or more wireless points is authorized, 
unauthorized, or ignored and whether a wireless network node of the one or more 
wireless network nodes is authorized, unauthorized, unassociated, an adhoc station, or 
ignored. (Heitman, Figs. 28-34, Abstract, Cooper, Abstract, Figs. 1-32, para. 0045-0046,
Figs.1-5,9,18-34). Motivation to combine set forth in claim 1.

As per claim 30, the method of claim 29, wherein the desired output device is 
capable of rendering color output and wherein the formatting step (e) comprises the 
step of formatting the topology data in a manner using color to represent characteristics or
relationships prior to transmission(Heitman, Figs.28-34, Abstract). Motivation to
combine set forth in claim 1.

As per claim 31, the method of claim 22, wherein the desired output device is
capable of rendering color output and further comprising the step of (e) formatting the
topology data in a manner using color to represent characteristics or relationships prior
to transmission(Heitman, Figs.28-34, Abstract). Motivation to combine set forth in 
claim 1. 

As per claim 32, the method of claim 1, and further comprising the step of
identifying a relationship between a plurality of the wireless nodes based on the 
received scan data in which no wireless access point is involved(Sharma, col. 12, lines 
40-58).

As per claim 33, Sharma teaches a system for mapping the topology of a wireless 
network(Fig. 1), the system comprising:

(a) storage means for storing topology data comprising access point 
characteristic data, wireless network node characteristic data, access point to 
node relationship data, node to node relationship data or combinations 
thereof(Fig.1-5, col.4, lines 45-55, col. 15, lines 58- col. 6, line 39); (d) analysis 
means for generating topology data by identifying from data received by the 
receiving means a characteristic of a wireless network node, a characteristic of 
an access point, an access point to node relationship, a node to node 
relationship, or combinations thereof and for storing the generated topology data 
in the storage means(Figs.1-5, col. 15, lines 58- col. 6, line 39); wired 
connection(Fig.1-5); wherein the wireless network comprises a wireless local 
area network(col.5, lines 55-56). 

Sharma however does not explicitly teach a characteristic of the wireless 
sensor, a point to sensor relationship, a node to sensor relationship; (c) receiving 
means for receiving data from the wireless sensor over one of a wireless or wired 
connection; (b) a wireless sensor for scanning transmissions within a network and 
generating scan data therefrom, wherein the scan data comprises information 
collected from IEEE 802.11 management and control frames transmitted on the
wireless network, wherein the wireless sensor operates in a promiscuous mode;
(e) output means for formatting topology data generated by the analysis means
based upon a desired output format and for transmitting the formatted topology data
to a desired output device; and (f) topology comparison means for comparing 
topology data to prior topology data to evaluate potential security and policy 
violations of the wireless network. 

Heitman teaches a characteristic of the wireless sensor, a point to 
sensor relationship, a node to sensor relationship(Fig. 32-34, describes 
relationships between the nodes) (e) output means for formatting topology data
generated by the analysis means based upon a desired output format and for 
transmitting the formatted topology data to a desired output device(Figs.28-34, 
col.3,lines 33-45). 

Therefore it would have been obvious to one of ordinary skill in the art at
the time of the invention to modify the teachings of Sharma to (b) monitoring
means for scanning transmissions within a network and generating scan data
therefrom; (e) output means for formatting topology data generated by the
analysis means based upon a desired output format and for transmitting the 
formatted topology data to a desired output device as taught by Heitman in 
order to resolve network topology (Heitman, col. 2, lines 60-67). 

One of ordinary skill in the art at the time of the invention would have been
motivated to combine the teachings of Sharma and Heitman in order to provide a
system to manage policies for networks(Heitman, col. 2, lines 3-30).

Sharma in view of Heitman does not explicitly teach (b) a wireless sensor for 
scanning transmissions within a network and generating scan data therefrom, wherein 
the scan data comprises information collected from IEEE 802.11 management and
control frames transmitted on the wireless network, wherein the wireless sensor 
operates in a promiscuous mode; c) receiving means for receiving data from the 
wireless sensor over one of a wireless. 

However, Sharma, col. 25, lines 65-45, makes suggestions to different types of 
network and network technologies that can be used. 

Cafarelli teaches a characteristic of the wireless sensor, a point to sensor 
relationship, a node to sensor relationship(determines topology of LAN); (b) a wireless 
sensor for scanning transmissions within a network and generating scan data therefrom, 
wherein the scan data comprises information collected from IEEE 802.11 management
and control frames transmitted on the wireless network, wherein the wireless sensor 
operates in a promiscuous mode (Fig. 13, col.5, lines 41-50, 65-67); c) receiving means 
for receiving data from the wireless sensor over one of a wireless(Fig.13, col.5, lines 41- 
50). 

Therefore it would have been obvious to one of ordinary skill in the art at the time of
the invention to modify the teachings of Sharma in view of Heitman to include (b) a
wireless sensor for scanning transmissions within a network and generating scan data
therefrom, wherein the scan data comprises information collected from IEEE 802.11
management and control frames transmitted on the wireless network, wherein the 
wireless sensor operates in a promiscuous mode; c) receiving means for receiving data 
from the wireless sensor over one of a wireless as taught by Cafarelli in order to 
efficiently monitor LAN(Cafarelli, col. 3, lines 9-15). 

One of ordinary skill in the art would have been motivated to combine the teachings
of Sharma, Heitman, and Cafarelli in order to efficiently monitor LAN(Cafarelli, col. 3, 
lines 9-15). 

Sharma in view of Heitman in further view of Cafarelli does not explicitly teach f) 
topology comparison means for comparing historical topology data to evaluate potential 
security and policy violations of the wireless network. 

Cooper teaches a network security policy monitoring system where traffic is 
monitored to see whether certain events are allowed by specified policies(Abstract, 
Figs.1-32,para.0045-0046). 

Therefore it would have been obvious to one of ordinary skill in the art at the time of
the invention to modify the teachings of Sharma in view of Heitman in further view of 
Cafarelli to include detecting whether there are potential security and policy violations 
as taught by Cooper in order to improve security of a network(Cooper, para. 0003). 

One of ordinary skill in the art would have been motivated to combine the teachings
of Sharma, Heitman, Cafarelli, and Cooper in order to improve security of a 
network(Cooper, para. 0003). 

Sharma in view of Heitman in further view of Cafarelli in further view of Cooper 
does not explicitly teach historical topology data. 

Lewis explicitly teaches historical topology data(col.9, lines 3-23). 

Therefore it would have been obvious to one of ordinary skill in the art at the time of
the invention to modify the teachings of Sharma in view of Heitman in further view of
Cafarelli in further view of Cooper to include historical topology data as taught by Lewis
in order to analyze faults(Lewis, col.1, lines 5-7).

One of ordinary skill in the art would have been motivated to combine the teachings
of Sharma, Heitman, Cafarelli, Cooper, and Lewis, in order to analyze faults(Lewis,
col.1, lines 5-7).

As per claim 34, the system of claim 33, further comprising intrusion detection 
means for detecting a usage volume anomaly, a connectivity pattern anomaly, a policy 
violation, a security violation or combinations thereof, and wherein the output means is 
responsive to a mapping request from a trigger event from the intrusion detection 
means(Sharma, Figs. 1-5, col.12, lines 40-59, Heitman, col. 2, lines 3-30, Cooper,
Abstract, Figs. 1-32, para. 0045-0046). Motivation to combine set forth in claim 33. 

As per claim 35, the system of claim 33, further comprising intrusion detection 
means for detecting a usage volume anomaly, a connectivity pattern anomaly, a policy 
violation, a security violation or combinations thereof, and wherein the monitoring 
means is responsive to a mapping request from a trigger event from the intrusion 
detection means(Sharma, Figs. 1-5, col. 12, lines 40-59, Heitman, col. 2, lines 3-30, 
Cooper, Abstract, Figs. 1-32, para. 0045-0046). Motivation to combine set forth in claim 
33. 

As per claim 38, Sharma teaches one or more computer-readable media 
storing instructions that upon execution by a system processor cause the 
system processor to map the topology of a wireless network by performing at 
least the steps comprising(Abstract) of: (c) identifying a relationship (i) between 
at least one of the wireless access points and at least one of the wireless
network nodes (Figs. 1-5, col.4, lines 45-55) or (ii) between any two wireless 
network nodes based on the received scan data, a characteristic of at least one 
of the wireless access points, a characteristic of at least one of the wireless 
network nodes or combinations thereof(Figs.1-5, col.4, lines 45-55), (d) storing 
the identified relationship, access point characteristic, node characteristic or 
combinations thereof as topology data(col.15, line 58-col.6, line 39); wherein 
the wireless network comprises a wireless local area network(col.5, lines 55- 
56). 

Sharma does not explicitly teach (a) initiating a scan of one or more wireless 
access points, one or more wireless network nodes or combinations thereof, wherein 
the scan is performed by a wireless sensor configured to monitor the wireless network 
and collect information from frames transmitted on the wireless network; (b) receiving 
scan data comprising information collected from IEEE 802.11 management and control 
frames transmitted on the wireless network, wherein the scan data is associated with 
monitoring of one or more wireless access points, one or more wireless network nodes 
or combinations thereof; (e) formatting topology data generated based upon a desired 
output format; and (f) outputting the formatted topology data to a desired output device; 
and (g) comparing the topology data to prior topology data to evaluate potential security 
and policy violations of the wireless network, wherein the comparing comprises one of a 
rules-based comparison, a pattern matching-based comparison, and a combination 
thereof. 

Heitman teaches (b) receiving scan data wherein the scan data is associated
with monitoring of one or more wireless access points, one or more wireless network 
nodes or combinations thereof(Abstract); (e) formatting topology data generated based 
upon a desired output format(Figs.28-34, col.3, lines 33-45); and (f) outputting the 
formatted topology data to a desired output device(Figs. 28-34, col.3, lines 33-45). 

Therefore it would have been obvious to one of ordinary skill in the art at the time of
the invention to modify the teachings of Sharma to include (b) receiving scan data 
wherein the scan data is associated with monitoring of one or more wireless access 
points, one or more wireless network nodes or combinations thereof; (e) formatting 
topology data generated based upon a desired output format; and (f) outputting the 
formatted topology data to a desired output device as taught by Heitman in order to 
resolve network topology(Heitman, col.2, lines 60-67). 

One of ordinary skill in the art at the time of the invention would have been
motivated to combine the teachings of Sharma and Heitman in order to provide
a system to manage policies for networks(Heitman, col.2, lines 3-30).

Sharma in view of Heitman does not explicitly teach wherein the scan is 
performed by a wireless sensor configured to monitor the wireless network and collect 
information from frames transmitted on the wireless network; wherein the relationship is 
identified responsive to an analysis of the scan data and responsive to a relationship 
between the wireless sensor and a server; information collected from IEEE 802.11
management and control. 

However, Sharma, col. 25, lines 65-45, makes suggestions to different types of
network and network technologies that can be used. 

Cafarelli teaches wherein the scan is performed by a wireless sensor
configured to monitor the wireless network and collect information from frames 
transmitted on the wireless network; wherein the relationship is identified 
responsive to an analysis of the scan data and responsive to a relationship 
between the wireless sensor and a server; information collected from IEEE 
802.11 management and control. (Fig. 13, col. 5, lines 41-50, 65-67). 

Therefore it would have been obvious to one of ordinary skill in the art at the time of
the invention to modify the teachings of Sharma in view of Heitman to include wherein 
the scan is performed by a wireless sensor configured to monitor the wireless network 
and collect information from frames transmitted on the wireless network; wherein the 
relationship is identified responsive to an analysis of the scan data and responsive to a 
relationship between the wireless sensor and a server; information collected from IEEE 
802.11 management and control as taught by Cafarelli in order to efficiently monitor
LAN(Cafarelli, col.3, lines 9-15). 

One of ordinary skill in the art would have been motivated to combine the teachings
of Sharma, Heitman, and Cafarelli in order to efficiently monitor LAN(Cafarelli, col.3, 
lines 9-15). 

Sharma in view of Heitman in further view of Cafarelli does not explicitly teach 
(g) comparing the topology data to historical topology data to evaluate potential security 
and policy violations of the wireless network, 

Cooper teaches a network security policy monitoring system where traffic is
monitored to see whether certain events are allowed by specified policies(Abstract, 
Figs.1-32,para.0045-0046). 

Therefore it would have been obvious to one of ordinary skill in the art at the time of
the invention to modify the teachings of Sharma in view of Heitman in further view of 
Cafarelli to include detecting whether there are potential security and policy violations 
as taught by Cooper in order to improve security of a network(Cooper, para. 0003). 

One of ordinary skill in the art would have been motivated to combine the teachings
of Sharma, Heitman, Cafarelli, and Cooper in order to improve security of a 
network(Cooper, para. 0003). 

Sharma in view of Heitman in further view of Cafarelli in further view of Cooper 
does not explicitly teach historical topology data. 

Lewis explicitly teaches historical topology data(col.9, lines 3-23). 

Therefore it would have been obvious to one of ordinary skill in the art at the time of
the invention to modify the teachings of Sharma in view of Heitman in further view of
Cafarelli in further view of Cooper to include historical topology data as taught by Lewis
in order to analyze faults(Lewis, col.1, lines 5-7).

One of ordinary skill in the art would have been motivated to combine the teachings
of Sharma, Heitman, Cafarelli, Cooper, and Lewis, in order to analyze faults(Lewis,
col.1, lines 5-7).

Claim 36 is rejected under 35 U.S.C. 103(a) as being unpatentable over US
Patent 6,766,165 issued to Sharma et al. (Sharma) in view of US Patent 6,920,494
issued to Heitman et al. (Heitman) in further view of US Patent 6,693,888 issued to
Cafarelli et al.(Cafarelli) in further view of US Publication 2003/0061506 issued to 
Cooper et al. (Cooper). 

As per claim 36, Sharma teaches a system for mapping the topology of a wireless 
network(col.12, lines 53-58), the system comprising: 

(a) a system data store (SDS) capable of storing topology data comprising 
access point characteristic data, wireless network node characteristic data, access 
point to node relationship data, node to node relationship data or combinations 
thereof(Fig.1-5, col.4, lines 45-55, col. 15, lines 58- col.6, line 39); and 

(b) a system processor comprising one or more processing elements, wherein 
the system processor is in communication with the SDS and wherein the one or more 
processing elements are programmed or adapted(Fig.1-5) at least to: 

(2) receive data and wherein the scan data is associated with monitoring of 
one or more wireless access points, one or more wireless network nodes or 
combinations thereof(col.4, lines 15-33); 

(3) identify a relationship (i) between at least one of the wireless access 
points and at least one of the wireless network nodes or (ii) between any two wireless 
network nodes based on the received scan data, a characteristic of at least one of the 
wireless access points, a characteristic of at least one of the wireless network nodes 
or combinations thereof(Fig.1-5, col.4, lines 45-55); 

store the identified relationship, access point characteristic, node
characteristic or combinations thereof in the SDS as topology data(Fig.1-5, 
col.4, lines 45-55, col. 12, lines 53-58); wherein the wireless network comprises 
a wireless local area network(col.5, lines 55-56). 

Sharma, however, does not explicitly teach (1) initiate at least one scan of one or more
access points, one or more network nodes or combinations thereof, wherein the at least
one scan is performed by a wireless sensor configured to monitor the wireless network
and collect information from IEEE 802.11 management and control frames transmitted
on the wireless network and (5) format topology data generated based upon a desired
output format and (6) output the formatted topology data to a desired output device;
wherein the relationship is identified responsive to an analysis of the scan data and
responsive to a relationship between the wireless and a server; (c) a wireless receiver
that monitors wireless transmissions, wherein the wireless receiver is in communication
with the system processor and wherein the system process's programming or
adaptation to initiate at least one scan includes at least programming or adaptation to
initiate the scan using the wireless receiver and wherein its programming or adaptation
to receive scan data includes at least programming or adaptation to receive scan data
from the wireless receiver or from an interface therewith; (d) an intrusion detection
engine configured to detect a usage volume, anomaly, a connectivity pattern anomaly, a
policy violation, a security violation or combinations thereof; wherein an iteration of
steps (1) through (6) is initiated responsive to the intrusion detection engine detecting a
violation.

Heitman teaches (1) initiate at least one scan of one or more access
points, one or more network nodes or combinations thereof (Abstract); and
(5) format topology data generated based upon a desired output format and (6)
output the formatted topology data to a desired output device (Figs. 28-34,
col. 3, lines 33-45).

Therefore it would have been obvious to one of ordinary skill in the art at
the time of the invention to modify the teachings of Sharma to (1) initiate at least
one scan of one or more access points, one or more network nodes or
combinations thereof; and (5) format topology data generated based upon a
desired output format and (6) output the formatted topology data to a desired
output device as taught by Heitman in order to resolve network
topology (Heitman, col. 2, lines 60-67).

One of ordinary skill in the art at the time of the invention would have been
motivated to combine the teachings of Sharma and Heitman in order to provide a
system to manage policies for networks (Heitman, col. 2, lines 3-30).

Sharma in view of Heitman does not explicitly teach, wherein the at least one scan
is performed by a wireless sensor configured to monitor the wireless network and collect
information from IEEE 802.11 management and control frames transmitted on the
wireless network; wherein the relationship is identified responsive to an analysis of the
scan data and responsive to a relationship between the wireless and a server; (c) a
wireless receiver that monitors wireless transmissions, wherein the wireless receiver is
in communication with the system processor and wherein the system process's
programming or adaptation to initiate at least one scan includes at least programming or
adaptation to initiate the scan using the wireless receiver and wherein its programming
or adaptation to receive scan data includes at least programming or adaptation to
receive scan data from the wireless receiver or from an interface therewith; (d) an
intrusion detection engine configured to detect a usage volume, anomaly, a connectivity
pattern anomaly, a policy violation, a security violation or combinations thereof; wherein
an iteration of steps (1) through (6) is initiated responsive to the intrusion detection
engine detecting a violation.

However, Sharma, col. 25, lines 65-45, makes suggestions to different types of 
network and network technologies that can be used. 

Cafarelli teaches wherein the at least one scan is performed by a wireless sensor
configured to monitor the wireless network and collect information from IEEE 802.11
management and control frames transmitted on the wireless network (Fig. 13, col. 5, lines
41-50, 65-67); (c) a wireless receiver that monitors wireless transmissions, wherein the
wireless receiver is in communication with the system processor and wherein the
system process's programming or adaptation to initiate at least one scan includes at least
programming or adaptation to initiate the scan using the wireless receiver and wherein
its programming or adaptation to receive scan data includes at least programming or
adaptation to receive scan data from the wireless receiver or from an interface
therewith (Fig. 13, col. 5, lines 41-50, 65-67); wherein the at least one scan is performed by
a wireless sensor configured to monitor the wireless network and collect information
from frames transmitted on the wireless network; wherein the relationship is identified
responsive to an analysis of the scan data and responsive to a relationship between the
wireless and a server (Fig. 13, col. 5, lines 41-50, 65-67).

Therefore it would have been obvious to one of ordinary skill in the art at the time of
the invention to modify the teachings of Sharma in view of Heitman to include wherein
the at least one scan is performed by a wireless sensor configured to monitor the
wireless network and collect information from frames transmitted on the wireless
network; wherein the relationship is identified responsive to an analysis of the scan data
and responsive to a relationship between the wireless and a server as taught by
Cafarelli in order to efficiently monitor LAN (Cafarelli, col. 3, lines 9-15).

One of ordinary skill in the art would have been motivated to combine the teachings
of Sharma, Heitman, and Cafarelli in order to efficiently monitor LAN (Cafarelli, col. 3,
lines 9-15).

Sharma in view of Heitman in further view of Cafarelli does not explicitly teach 
(d) an intrusion detection engine configured to detect a usage volume, anomaly, a 
connectivity pattern anomaly, a policy violation, a security violation or combinations 
thereof; wherein an iteration of steps (1) through (6) is initiated responsive to the
intrusion detection engine detecting a violation. 

Cooper teaches a network security policy monitoring system where traffic is
monitored to see whether certain events are allowed by specified policies (Abstract,
Figs. 1-32, para. 0045-0046).

Therefore it would have been obvious to one of ordinary skill in the art at the time of
the invention to modify the teachings of Sharma in view of Heitman in further view of
Cafarelli to include detecting whether there are potential security and policy violations
as taught by Cooper in order to improve security of a network (Cooper, para. 0003).

One of ordinary skill in the art would have been motivated to combine the teachings
of Sharma, Heitman, Cafarelli, and Cooper in order to improve security of a
network (Cooper, para. 0003).

Claims 39-41 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
US Patent 6,766,165 issued to Sharma et al.(Sharma) in view of US Patent 6,920,494 
issued to Heitman et al(Heitman) in further view of US Patent 6,693,888 issued to 
Cafarelli et al. (Cafarelli) in further view of US Publication 2003/0061506 issued to 
Cooper et al. (Cooper) in further view of US Patent 5,636,344 issued to Lewis in further 
view of US Patent 6,665,269 issued to Schmitz. 

Sharma in view of Heitman in view of Cafarelli in view of Cooper in view of Lewis 
does not explicitly teach as per claim 39, the method of claim 1, further comprising
determining, from the scan data, wireless local area network configured properties for 
the at least one of the wireless access points. 

Schmitz teaches determining, from the scan data, wireless local area network
configured properties for the at least one of the wireless access points (col. 4, lines 4-8).

Therefore it would have been obvious to one of ordinary skill in the art at the time of
the invention to modify the teachings of Sharma in view of Heitman in view of Cafarelli
in view of Cooper in view of Lewis to include determining, from the scan data, wireless
local area network configured properties for the at least one of the wireless access
points as taught by Schmitz in order to troubleshoot network failures (Schmitz, col. 1, line
28-30).

One of ordinary skill in the art would have been motivated to combine the teachings
of Sharma, Heitman, Cafarelli, Cooper, Lewis and Schmitz in order to troubleshoot
network failures (Schmitz, col. 1, line 28-30).

As per claim 40, the method of claim 39, wherein the wireless local area network 
configured properties comprise any of MAC address, access point name, Extended 
Service Set ID, supported wireless local area network rates, authentication modes, and 
wireless local area network encryption(Schmitz, col.4, lines 4-8). Motivation to combine 
set forth in claim 39. 

As per claim 41, the method of claim 1, further comprising determining MAC
addresses on all stations within the at least one of the wireless access points' Basic
Service Set (Schmitz, Fig. 5, col. 7, lines 1-25). Motivation to combine set forth in claim 39.

Response to Arguments 

Applicant's arguments with respect to claims 1-12, 15-36,38-41 have been 
considered but are moot in view of the new ground(s) of rejection. 

Conclusion 

Examiner's Note: Examiner has cited particular columns and line numbers in the 
references as applied to the claims above for the convenience of the applicant. 
Although the specified citations are representative of the teachings of the art and are 
applied to the specific limitations within the individual claim, other passages and figures 
may apply as well. It is respectfully requested from the applicant in preparing
responses, to fully consider the references in their entirety as potentially teaching all or
part of the claimed invention.

The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. See PTO-892. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to BACKHEAN TIV whose telephone number is (571)272- 
5654. The examiner can normally be reached on M-F 8:30-5. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, John Follansbee can be reached on (571) 272-3964. The fax phone 
number for the organization where this application or proceeding is assigned is 571- 
273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 